US7797434B2 · Expired · Utility · PatentIndex 92

Method and system for user-determined attribute storage in a federated environment

Assignee: IBM
Priority: Dec 31, 2002
Filed: Dec 31, 2002
Granted: Sep 14, 2010
Est. expiry: Dec 31, 2022 (expired) · nominal 20-yr term from priority
Inventors: BLAKLEY III GEORGE ROBERT; HINTON HEATHER MARIA; PFITZMANN BIRGIT MONIKA
G06F 21/41, H04L 63/0807, H04L 63/101
PatentIndex Score: 92 · Cited by: 30 · References: 11 · Claims: 33

Abstract

A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.

Claims

exact text as granted — not AI-modified
1. A method for managing user attribute information within a data processing system, the method comprising:
 receiving a request message at an attribute information provider from a service provider that is attempting to retrieve user attribute information for a user to complete a transaction for the user, wherein the request message identifies one or more requested user attributes, wherein the attribute information provider comprises an attribute management machine and an associated database that maintains user attribute information for the user and is distinct from the service provider that is attempting to retrieve the user attribute information to complete the transaction for the user; 
 verifying that the request message is from a service provider that is trusted by the attribute information provider; 
 after receipt of the request message at the attribute information provider and prior to the attribute information provider sending a response message, determining whether the attribute information provider is currently maintaining a requested user attribute for the user; and 
 if the attribute information provider is currently maintaining the requested user attribute for the user, requesting and receiving user input by the attribute information provider prior to sending the response message from the attribute information provider to the service provider, wherein the user input comprises a value that indicates a retrieval condition on subsequent requests while retrieving user attribute information for the user. 
 
   
   
2. The method of claim 1 further comprising:
 prompting the user to enter a value for a retrieval condition that indicates that the service provider cannot request user attribute information for the user at another attribute information provider. 
 
   
   
3. The method of claim 1 further comprising:
 prompting the user to enter a value for a releasability condition for a user attribute. 
 
   
   
4. The method of claim 3 further comprising:
 prompting the user to enter a value for a temporal restraint for the releasability condition. 
 
   
   
5. The method of claim 4 further comprising:
 indicating that the temporal restraint is effective permanently. 
 
   
   
6. The method of claim 4 further comprising:
 indicating that the temporal restraint is effective for a duration of a transaction for the user at the service provider. 
 
   
   
7. The method of claim 3 further comprising:
 prompting the user to enter a value for a domain restraint for the releasability condition. 
 
   
   
8. The method of claim 7 further comprising:
 indicating that the domain restraint is for the service provider. 
 
   
   
9. The method of claim 8 further comprising:
 indicating that the domain restraint is effective permanently. 
 
   
   
10. The method of claim 1 further comprising:
 prompting the user to enter a value for a permission condition that indicates that the attribute information provider should prompt the user for releasability condition information for each received request message. 
 
   
   
11. The method of claim 10 further comprising:
 indicating that the permission condition is effective permanently. 
 
   
   
12. A data processing system for managing user attribute information, the data processing system comprising:
 a processor; 
 a computer memory holding computer program instructions which, when executed by the processor, perform a method comprising: 
 receiving a request message at an attribute information provider from a service provider that is attempting to retrieve user attribute information for a user to complete a transaction for the user, wherein the request message identifies one or more requested user attributes, wherein the attribute information provider maintains user attribute information for the user and is distinct from the service provider that is attempting to retrieve the user attribute information to complete the transaction for the user; 
 verifying that the request message is from a service provider that is trusted by the attribute information provider; 
 after receipt of the request message at the attribute information provider and prior to the attribute information provider sending a response message, determining whether the attribute information provider is currently maintaining a requested user attribute for the user; and 
 responsive to a determination that the attribute information provider is currently maintaining the requested user attribute for the user, requesting and receiving user input by the attribute information provider prior to sending the response message from the attribute information provider to the service provider, wherein the user input comprises a value that indicates a retrieval condition on subsequent requests while retrieving user attribute information for the user. 
 
   
   
13. The data processing system of claim 12 wherein the method further comprises:
 prompting the user to enter a value for a retrieval condition that indicates that the service provider cannot request user attribute information for the user at another attribute information provider. 
 
   
   
14. The data processing system of claim 12 wherein the method further comprises:
 prompting the user to enter a value for a releasability condition for a user attribute. 
 
   
   
15. The data processing system of claim 14 wherein the method further comprises:
 prompting the user to enter a value for a temporal restraint for the releasability condition. 
 
   
   
16. The data processing system of claim 15 wherein the method further comprises:
 indicating that the temporal restraint is effective permanently. 
 
   
   
17. The data processing system of claim 15 wherein the method further comprises:
 indicating that the temporal restraint is effective for a duration of a transaction for the user at the service provider. 
 
   
   
18. The data processing system of claim 14 wherein the method further comprises:
 prompting the user to enter a value for a domain restraint for the releasability condition. 
 
   
   
19. The data processing system of claim 18 wherein the method further comprises:
 indicating that the domain restraint is for the service provider. 
 
   
   
20. The data processing system of claim 19 wherein the method further comprises:
 indicating that the domain restraint is effective permanently. 
 
   
   
21. The data processing system of claim 12 wherein the method further comprises:
 prompting the user to enter a value for a permission condition that indicates that the attribute information provider should prompt the user for releasability condition information for each received request message. 
 
   
   
22. The data processing system of claim 21 wherein the method further comprises:
 indicating that the permission condition is effective permanently. 
 
   
   
23. A computer program product in a computer readable medium for managing user attribute information in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform method comprising:
 receiving a request message at an attribute information provider from a service provider that is attempting to retrieve user attribute information for a user to complete a transaction for the user, wherein the request message identifies one or more requested user attributes, wherein the attribute information provider maintains user attribute information for the user and is distinct from the service provider that is attempting to retrieve the user attribute information to complete the transaction for the user; 
 verifying that the request message is from a service provider that is trusted by the attribute information provider; 
 after receipt of the request message at the attribute information provider and prior to the attribute information provider sending a response message, determining whether the attribute information provider is currently maintaining a requested user attribute for the user; and 
 responsive to a determination that the attribute information provider is currently maintaining the requested user attribute for the user, requesting and receiving user input by the attribute information provider prior to sending the response message from the attribute information provider to the service provider, wherein the user input comprises a value that indicates a retrieval condition on subsequent requests while retrieving user attribute information for the user. 
 
   
   
24. The computer program product of claim 23 wherein the method further comprises:
 prompting the user to enter a value for a retrieval condition that indicates that the service provider cannot request user attribute information for the user at another attribute information provider. 
 
   
   
25. The computer program product of claim 23 wherein the method further comprises:
 prompting the user to enter a value for a releasability condition for a user attribute. 
 
   
   
26. The computer program product of claim 25 wherein the method further comprises:
 prompting the user to enter a value for a temporal restraint for the releasability condition. 
 
   
   
27. The computer program product of claim 26 wherein the method further comprises:
 indicating that the temporal restraint is effective permanently. 
 
   
   
28. The computer program product of claim 26 wherein the method further comprises:
 indicating that the temporal restraint is effective for a duration of a transaction for the user at the service provider. 
 
   
   
29. The computer program product of claim 20 wherein the method further comprises:
 prompting the user to enter a value for a domain restraint for the releasability condition. 
 
   
   
30. The computer program product of claim 29 wherein the method further comprises:
 indicating that the domain restraint is for the service provider. 
 
   
   
31. The computer program product of claim 30 wherein the method further comprises:
 indicating that the domain restraint is effective permanently. 
 
   
   
32. The computer program product of claim 23 wherein the method further comprises:
 prompting the user to enter a value for a permission condition that indicates that the attribute information provider should prompt the user for releasability condition information for each received request message. 
 
   
   
33. The computer program product of claim 32 wherein the method further comprises:
 indicating that the permission condition is effective permanently.
